Free Android Apps Cost Users Security, Privacy

Below:

Next story in Tech and gadgets

An 18-month study shows that Android users who download and
install free apps end up paying in compromised privacy and
security.

An audit of 1.7 million apps in the Android Market, recently
renamed Google Play, found that free apps were more than four
times as likely to access contact lists as paid apps that had the
same functions, British tech blog the Register reported.

The study, conducted by networking company Juniper Networks, also found that 24
percent of free apps tracked location data, compared to 6
percent of paid ones.

Many apps
collect location data in order to serve up localized ads. But
Juniper found far fewer apps doing business with major ad
networks than the overall number of apps collecting location
data. To Juniper, that suggested many apps had shadier purposes.

"This leads us to believe there are several apps collecting
information for reasons less apparent than advertising, " the
company said.

Giving apps carte-blanche access to a phone's functions and data
can put a user at risk of being spied upon by remote
commands that silently make calls or activate the camera.
Attackers could also use apps to steal photos, text-message
archives, account logins and other data.

Across the board, free apps asked for permission to
perform unnecessary functions — to send text messages,
access contact lists, take pictures or make phone calls — at
roughly double the rate of their paid counterparts.

Gambling and racing games are two of the most problematic app
categories, the Register reported.

Racing games are often not much more than malware, and 94 percent
of casino games request permission to make outbound calls; 84.5
percent ask to send text messages.

The study also found apps with bad communication skills. Some 63
percent of financial apps, for example, requested permission to
make outgoing calls in the background, but provided no
explanation as to why.

After using several of the apps, Juniper Networks found that the
capability was being used legitimately to contact
financial institutions.

Juniper Networks said the study reveals the need to
better communicate to users what information apps access and what
that access allows them to perform.

"There is a big difference between a spyware app clandestinely
placing an outgoing call to listen to ambient conversations
within hearing distance of the device, and a financial app that
provides the convenience of calling local branches from within an
application," Juniper Network said. "The manner in which
permissions are currently presented does not provide a means for
users to differentiate between the two.